I have a below string. I am trying to extract duration and url values as seperate fields.
024-01-15 15:42:54,536 [http-nio-8080-exec-8] INFO SessionId[BFFE839BE5DAA583341A8102DB3DE120] - startTime="2024-01-15 07:42:53,759",duration=637,url="http://greenhouse.insure.com/pages/mainform;jsessionid=BD52D6E6713E44278BC1C07D930570C7?1-1.IBehaviorListener.0-wizardFooter-footerMenu-footerPanelForm-footerRepeatingLink-1&SessionId=BFFE839BE5DAA583341A8102DB3DE120&_=1705304501944",event={handler=ListenerInterfaceRequestHandler,data={pageClass=com.tekinsure.tapas.runtime.ui.pages.SideMenuMainFormPage,pageId=1,pageParameters={SessionId=[BFFE839BE5DAA583341A8102DB3DE120]},renderCount=1,componentClass=org.apache.wicket.markup.html.list.ListItem,componentPath=wizardFooter:footerMenu:footerPanelForm:footerRepeatingLink:1,behaviorIndex=0,behaviorClass=com.tekinsure.runtime.ui.menu.footer.Butt
I am able to extract individual values using below grok filters.
(?:duration= %{BASE10NUM:duration}) %{URIPATH:url}
However it does not work when I try to add to logstash pipeline. match => ["message", "%{GREEDYDATA:Data} (?:duration=%{BASE10NUM:duration})"]
Wondering what I am doing wrong. Any workaround will be great help
Regards, Vijay
Now I am able to extract the duration using following, struglling with the url
%{GREEDYDATA:Data},(?:duration=%{BASE10NUM:duration:int})